- 2020/12/31, the vulnerability was found by us.
- 2021/01/25, the related details were reported to service@h3c.com.
- 2021/01/28, H3C refused to fix the vulnerability because H3C ER3100 had stopped production several years ago.
- 2021/04/30, 90 days after, we decide to make a disclosure
- Production Name: H3C ER3100
- Firmware version: V201R020
- Vulnerability type: stack buffer overflow